Cisco Certified Internetwork Expert (CCIE) Practice Test

Which two statements about 802.1x components are true? (Choose two)

• A. The certificates used in the client-server authentication process are stored on the access switch
• B. The access layer switch is the policy enforcement point
• C. The RADIUS server is the policy enforcement point
• D. The RADIUS server is the policy information point

The correct answer is: The access layer switch is the policy enforcement point

The statement regarding the access layer switch as the policy enforcement point is accurate because, in an 802.1X authentication framework, the access layer switch plays a critical role in controlling port access based on authentication results. When a device attempts to connect to the network, the access switch is responsible for determining whether the device is granted access or denied, thus enforcing the security policy in place. It effectively acts as a gatekeeper, allowing only authenticated devices to access the network resources while blocking unauthorized ones. The role of the access switch as the policy enforcement point highlights its function in the overall architecture of 802.1X, where it interfaces directly with endpoints and serves to uphold security measures as dictated by the organization’s policies. This is essential for implementing network access control, ensuring that only devices that are properly authenticated can utilize network services. In contrast, the RADIUS server, while essential in handling authentication, authorization, and accounting (AAA), serves more as the policy information point, where it processes requests from the access switch and provides the necessary decisions based on stored policies. Thus, the correct identification of the access switch in this context emphasizes its pivotal function within the 802.1X deployment for enforcing network access decisions.